Hi,

We are analyzing vulnerable C++ code snippets migrated from StackOverflow too Github. We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in file

Here is a summary of the vulnerable code snippet:

Description:

If current_index or current_index + sizeof(T) get larger than size of vec, information leakage can occur.

static T get_from_vector(const std::vector<uint8_t>& vec, const size_t current_index){

example:

int main(){
std::vector<uint8_t> vec {0x01, 0x05};
auto byte1 = get_from_vector<uint8_t>(vec, 10);
auto byte2 = get_from_vector<uint16_t>(vec, 20);
auto byte4 = get_from_vector<uint32_t>(vec, 50);
auto byte8 = get_from_vector<uint64_t>(vec, 32);
printf("%x - %x -%x -%x",byte1,byte2,byte4,byte8);
}

output it's being like this:

0 - 0 -0 -382d3531

Mitigation:

Validate size of current_index + sizeof(T) to always be in the boundary of vec.

Please verify our report here with regards to the above vulnerability to assist you.
Link to survey (should not take more than 5 minutes).

Sincerely yours,
Morteza …, university info
Jafar, .. university info
Ashkan Sami, university, website
Foutse Khomh, Polytechnique Montreal, website: http://www.khomh.net/
Gias Uddin, Polytechnique Montreal, website: https://giasuddin.github.io
...

When running with Python 3.8.3 , even though all the libraries are installed, I get the following error :

Traceback (most recent call last):
File "main.py", line 488, in
cc, bank_name = run(img_name)
File "main.py", line 456, in run
c = try_ocr(d1)
File "main.py", line 177, in try_ocr
classify = inputdata(img_copy)
File "main.py", line 69, in inputdata
return predict_knn(H)
File "main.py", line 54, in predict_knn
predict = knn.predict(df.reshape(1, -1))[0]
File "C:\Users\farza\AppData\Local\Programs\Python\Python38\lib\site-packages\sklearn\neighbors_classification.py", line 173, in predict
neigh_dist, neigh_ind = self.kneighbors(X)
File "C:\Users\farza\AppData\Local\Programs\Python\Python38\lib\site-packages\sklearn\neighbors_base.py", line 613, in kneighbors
n_samples_fit = self.n_samples_fit_
AttributeError: 'KNeighborsClassifier' object has no attribute 'n_samples_fit_'

why ?

Hi,

We are analyzing vulnerable C++ code snippets migrated from StackOverflow too Github. We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in file

Here is a summary of the vulnerable code snippet:

Description:

If current_index or current_index + sizeof(T) get larger than size of vec, information leakage can occur.

static T get_from_vector(const std::vector<uint8_t>& vec, const size_t current_index){

example:

int main(){
std::vector<uint8_t> vec {0x01, 0x05};
auto byte1 = get_from_vector<uint8_t>(vec, 10);
auto byte2 = get_from_vector<uint16_t>(vec, 20);
auto byte4 = get_from_vector<uint32_t>(vec, 50);
auto byte8 = get_from_vector<uint64_t>(vec, 32);
printf("%x - %x -%x -%x",byte1,byte2,byte4,byte8);
}

output it's being like this:

0 - 0 -0 -382d3531

Mitigation:

Validate size of current_index + sizeof(T) to always be in the boundary of vec.

Please verify our report here with regards to the above vulnerability to assist you.
Link to survey (should not take more than 5 minutes).

Sincerely yours,
Morteza …, university info
Jafar, .. university info
Ashkan Sami, university, website
Foutse Khomh, Polytechnique Montreal, website: http://www.khomh.net/
Gias Uddin, Polytechnique Montreal, website: https://giasuddin.github.io
...